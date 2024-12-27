Cyberhaven, a data-loss prevention startup, has confirmed a security breach involving its Google Chrome browser extension. Hackers managed to release a malicious update capable of stealing user passwords and session tokens.

What Happened: The breach was confirmed by Cyberhaven on Friday, although specifics were not disclosed. The email, shared by security researcher Matt Johansen, revealed that a company account was compromised to release the malicious update on Dec. 25.

This update allowed sensitive data to be extracted to the attacker’s domain.

The company stated that its security team identified the breach on December 25 and removed the malicious extension from the Chrome Web Store, replacing it with a legitimate version, according to a report by Vulnerable U.

Cyberhaven’s email advised affected users to revoke and rotate passwords and review logs for suspicious activity.

The company has engaged an incident response firm and is cooperating with federal law enforcement.

Why It Matters: This breach highlights ongoing security challenges related to browser extensions.

Earlier this year, Google faced scrutiny over its Chrome browser’s privacy practices, particularly in “incognito” mode, where data collection was found to occur without user consent. This incident underscores the importance of robust security measures in browser extensions.

Amid these security concerns, Google has recently integrated AI in its Threat Intelligence tool to enhance its cybersecurity posture. This tool aims to rapidly identify vulnerabilities, which could be crucial in preventing similar breaches.

The search giant also filed an appeal against the Epic Games ruling, citing a higher risk of new security issues.

